Heriplor

Threat Actor Profile Updated 24 days ago
Heriplor is a threat actor associated with multiple malicious campaigns involving advanced Trojans. It is most closely linked to the Dragonfly 2.0 campaign, in which it used both the Heriplor and Karagany Trojans; the same Trojans were also employed in earlier Dragonfly operations between 2011 and 2014. The reuse and refinement of these tools across different cyber-espionage campaigns points to a persistent and evolving threat.

According to analysis by CTU researchers, there is no evidence that other threat actors have used Havex or Heriplor, which suggests that these tools are unique to this specific threat actor. That exclusivity underscores the sophistication and distinctiveness of Heriplor's operations and makes it a significant concern for organizations defending against advanced threats.

Further investigation into Heriplor's activities revealed connections to the IRON LIBERTY Havex second-stage malware sample from 2014: Heriplor and this Havex sample wrote identical files and shared a command and control (C2) server. These similarities suggest that Heriplor was likely developed from the Havex code base, indicating continuous evolution and adaptation of its methods over time. Countering a threat this adaptable and enduring requires constant vigilance and up-to-date defensive measures.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you may also want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Heriplor Threat Actor was read from the documents corpus below.
Source | Created At | Title
MITRE | a year ago | Dragonfly: Western energy sector targeted by sophisticated attack group
MITRE | a year ago | Resurgent Iron Liberty Targeting Energy Sector